Training

Incident Response and Forensics in a Linux Environment

It is a scenario that most system administrators recognize.
Responsibility for a legacy system is thrust upon you, with little
documentation or time for familiarization. Bad things happen, and you
are expected to quickly bring the system back into service. You know
how it goes.

In this course, the participants get full root access to a number of
Linux systems, running more or less familiar services. Working in
teams during two intense days of hands-on, tournament-style exercises,
their task is to defend against and analyze realistic attacks of
increasing sophistication, while keeping their systems up and running.
The teams are scored on their performance, and the winning team will
be celebrated as the most l33t admins. There may even be prizes.

The teams will not be totally unprepared, though, as the course starts
with a high-speed, high-density introduction to incident response
and battlefield forensics, where the focus is on fully understanding
what happened in an incident, so that the system can quickly be
brought back into secure service.

This course draws on the lecturer's 15 years of experience in IT
security in complex environments to deliver an up-to-date, hands-on,
and, above all, fun training.

What do previous participants say?

"I can warmly recommend the Incident Response and Forensics Game from
Nixon Security to all serious research sites, it really gives a boost
to the skills and motivation of your system admins. And the game is
fun too." Urpo Kaila, Head of Security, CSC - IT Center for
Science/Security Officer, EUDAT.

"The feedback from our system administrators has been exceptional and
the course was clearly excellent. From the comments received, you are
obviously very knowledgeable on the subject of computer security and
were able to communicate the information very clearly. The course was
well structured and has been of great benefit to our community."
Prof. D.I. Britton, GridPP Project Leader

Requirements

This course targets experienced system administrators who are
comfortable running Linux systems.

To be able to fully participate, you should be able to confidently say
"yes" to at least half of these items:

You know at least three ways to list all running processes

You can read and more-or-less understand scripts even when you don't
really know the language they are written in

You know how to configure a local firewall

You can explain how the CGI interface in a web server works

You know what ARP, DHCP, PHP, BIND and ELF are.

You can explain the difference between exec() and fork()

Also, you are expected to be able to use OpenSSH keys.

Booking

Please contact training@nixon-security.se for more information about
hosting a training event for your organization. We offer competitive
pricing, with special rates for academia.